REMARKS 



Claims 1-34 are pending in the present application. Claims 1, 3, 4, 5, 9, 1 1, 12, 
13, 17, 19, 20, 21, 25, 27, 28, and 29 are amended. Claims 1, 9, 17, and 25 are amended 
to recite "wherein the translating step includes replacing a character of the preferred word 
with another character, wherein the another character has a similar shape to the character 
of the preferred word." These features are supported at least on page 7, lines 25-30 of the 
current specification. 

Claims 3, 1 1, 19, and 27 are amended to recite "wherein said means for 
translating includes means for substituting a character of the preferred word for another 
character, wherein the another character is a special character." These features are 
supported at least on page 7, lines 25-30 of the current specification 

Claims 5, 13,21, and 29 are amended to recite "wherein said password is 
sufficiently similar to said preferred word, such that the password is remembered by the 
user if the user remembers the preferred word." These features are supported at least on 
page 2, lines 22-30 of the current specification. Claims 4, 12, 20, and 28 are amended to 
clarify "inserting at least one special character into the preferred word." These features 
are supported at least on page 8, lines 18-24 of the current specification. No new matter is 
added as a result of the above amendments. Reconsideration of the claims is respectfully 
requested.. 

I. 35 U.S.C. § 102(b), Aliened Anticipation, Claims 1-3, 5, 6, 9-11, 13, 14, 17-19, 
21, 22, 25-27, 29-30, and 33-34 

The Final Office Action rejects claims 1-3,5,6, 9-11, 13, 14, 17-19,21,22, 25- 
27, 29-30, and 33-34 under 35 U.S.C. § 102(b) as being allegedly anticipated by Guski 
(U.S. Patent No. 5,592,553). This rejection is respectfully traversed. 

Regarding claims 1, 9, 17, and 25, the Final Office Action states: 

As per claims 1,9, 17 and 25, Guski teaches a method of 
generating a password, said method comprising: 

receiving input from said user, specifying a password format 
(Guski: see for example, Figure 4 Element 424/310 and Column 9 Line 15 
-17 & Column 1 1 Line 41-45: 8-bytes or 8-characters format); 
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receiving a preferred word from a user (Guski: see for example, 
Abstract Line 1-13 and Column 3 Line 57-60: Guski teaches the non-time- 
dependent information that ultimately generates the desired password is 
preferably derived from the information such as a user ID or application 
ID (Examiner notes "preferably"-could also be something else as user 
preferred), which is qualified to serve as a simple/preferred word); 

translating said preferred word to produce a password; and 
providing said password to an application (Guski: see for example, Figure 
4- Password Generation, Element 302/Element 310, Column 1 1 Line 1 & 
Table 1 and Column 3 Line 18-36: The application is the target application 
at taught by Guski); 

wherein said preferred word is not stored (Guski: see for example, 
Figure 3 Element 320: The preferred word is transported over to the server 
at each time of password validation process); 

said password is not stored (Guski: see for example, Column 3 
Line 18-36 & Figure 3: One-time password is time-dependent and is not 
stored at the user/client side); and 

said password complies with the said application's required 
password format (Guski: see for example, Column 9 Line 49-50: A legal 
password should evidently comply with the password format). 

Final Office Action dated April 28, 2005, pages 4-5. 

A prior art reference anticipates the claimed invention under 35 U.S.C. § 102 only 
if every element of a claimed invention is identically shown in that single reference, 
arranged as they are in the claims. In re bond, 910 F .2d 831, 832, 15 U.S.P.Q.2d 1566, 
1567 (Fed Cir. 1990). All limitations of the claimed invention must be considered when 
determining patentability. In reLowry, 32 F.3d 1579, 1582, 21 U.S.P.Q.2d 1031, 1034 
(Fed Cir. 1994). Anticipation focuses on whether a claim reads on the product or process 
a prior art reference discloses, not on what the reference broadly teaches. Kalman v. 
Kimberly-Clark Corp., 713 F.2d 760, 218 U.S.P.Q. 781 (Fed. Cir. 1983). Specifically, 
Guski does not teach every element of the claimed invention arranged as they are in 
claims 1,9, 17, and 25 of the present invention. 

Amended independent claim 1, which is representative of amended claims 9, 17, 

and 25 with regard to similarly recited subject matter, now recites: 

1 . A method of generating a password, said method comprising: 
receiving a preferred word from a user; 

translating said preferred word to produce a password , wherein the 
translating step includes replacing a character of the preferred word with 
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another character, wherein the another character has a similar shape to the 
character of the preferred word ; and 

providing said password to an application; 
wherein: 

said preferred word is not permanently stored; 
said password is not permanently stored; and 
said password complies with said application's required password 
format. (Emphasis added). 

Guski does not teach the features emphasized above. As discussed in the 
Abstract, Guski teaches a system for authenticating a user that is located at an 
authenticating mode using one-time password that changes pseudorandomly with 
each request for authentication. At the requesting node a non-time dependent 
value is generated from nonsecret information identifying the user and the host 
application, using a secret encryption key shared with the authenticating node. 
The non-time-dependent is combined with time-dependent value to generate a 
composite value that is encrypted to produce an authentication parameter. The 
authentication parameter is reversibly transformed into an alphanumeric character 
string that is transmitted as a one-time password to the authenticating node. 

However, Guski does not teach a translating step that replaces a character 
of the preferred word with another character, wherein the another character has a 
similar shape to the character of the preferred word . The Final Office Action 
alleges, in the rejection of claim 5, that Guski teaches these features in Figure 4, 
where it illustrates that both the User ID and the one-time generated password are 
64 bits and thus they are similar with respect to the format size. Applicant 
respectfully disagrees. 

While Guski may teach that the User ID and the generated password is 
similar in length, Guski does not teach or suggest a translating step that replaces a 
character of the User ED with another character that has a similar shape to the 
character of the User ID. To the contrary, at column 8, lines 26-30, in order to 
generate a password, Guski teaches that the user's host user ID 302 is encrypted 
with the signon key 306 as the encryption key, to generate a 64-bit encryption 
product. The 64-bit encryption product is then combined bitwise with the 
application ID 304 using an exclusive OR or modulo 2 addition, (column 8, lines 
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53-27). The result of the XOR operation is encrypted using DES procedure with 
the signon key as the encryption key to generate a second 64-bit encryption 
product. The left most 4 bytes of the second 64-bit encryption product is then 
combined with the time/date using another XOR operation. The result of the 
XOR operation is passed as input to a 32-bit encipherment routine which encrypts 
the 32-bit quantity to generate an authentication parameter. The authentication 
parameter is passed to the translation routine, which uses a translation table to 
transform the authentication parameter into an 8-character string as a one-time 
password. 

Thus, in contrast to replacing a character of the User ID with another 
character that has a similar shape to the User ID, Guski encrypts the User ID with 
a signon key, XOR with an application ID, encrypts the result again with the 
signon key, XOR with a time/date, encrypts the result, and transforms the result 
into a 8 character string. Nowhere in the above section, or any other section, does 
Guski teach or suggest replacing any character of the User ID with a character 
that has a similar shape. The password generator of Guski is different from the 
password generator of the presently claimed invention in that the password 
generator of Guski combines the User ID, the application ID, the time/date, and 
the signon key as input parameters along with encryption to generate a one-time 
password that is used in the user's host application signon request. Guski's 
password generator does not replace a character of the preferred word with 
another character that has a similar shape to the character of the preferred word. 
For example, on page 7, lines 27-30 of the current specification, a password 
"PorSche" is generated for a preferred word, "Porsche" by replacing character "s" 
with a "$" that has a similar shape to "s". The password generator of Guski does 
not teach such features. Therefore, Guski does not teach a translating step that 
replaces a character of the preferred word with another character, wherein the 
another character has a similar shape to the character of the preferred word , as 
recited in claims 1, 9, 17, and 25 of the present invention. 

In view of the above, Guski does not teach each and every feature of claims 1, 9, 
17, and 25. At least by virtue of their dependency on claim 1, 9, 17, and 25, Guski does 
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not teach the features of dependent claims 2-3, 5, 6, 10-11, 13, 14, 18-19, 21, 22, 26-27, 
29-30, and 33-34. Accordingly, Applicant respectfully requests withdrawal of the 
rejection of claims 1-3, 5, 6, 9-11, 13, 14, 17-19, 21, 22, 25-27, 29-30, and 33-34 U.S.C. 
§ 102(b). 

In addition, Guski does not teach the specific features of claims 2-3, 5, 6, 
10-11, 13, 14, 18-19,21,22,26-27, 29-30, and 33-34 ofthe present invention. 
For example, with regard to dependent claim 3, which is representative of claims 
11,19, and 27, Guski does not teach a translating step that includes substituting a 
character of the preferred word for another character, wherein the another 
character is a special character. The Final Office Action alleges that Guski 
teaches these features at column 11, line 1 and in Table 1, which is shown below: 
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At column 11, lines 1 to column 12, line 1 and in Table 1, Guski teaches 
that the 32-bit authentication parameter is translated into a 8 character string by 
translating bits 31-32 and 1-4 (6 bits) to one time password character position 
The translation is done by dividing the binary number, represented by the six bits, 
by decimal 36 and using the remainder as an index into the translation as shown 
in Table 1. For example a remainder of 0 translates to a one-time password 
character of A, while a remainder of 20 translates to a one-time password 
character of U. As shown in Table 1, the first 26 slots are occupied by letters A- 
Z while the last 10 slots are occupied by numbers 0-9. Thus, Guski breaks the 32- 
bit authentication parameter into bits and translates a subset ofthe bits into a 
character by dividing the binary number, represented by the subset of bits, by a 
decimal and using the remainder to lookup a character in the translation table. 
Guski does not substitute a character of the preferred word with another character 
that is a special character. In addition, Guski could not have substitute a character 
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of the preferred word with another character that is a special character, because 
the translation table as provided by Guski only includes alphabets and numbers. 
The translation table does not include any special characters, such as "$" 
Therefore, not only does Guski fail to teach substituting a character of the 
preferred word with another character that is a special character, Guski can only 
substitute a character of the preferred word with an alphabet or a number, not a 
special character. Therefore, Guski does not teach the features of claims 3, 1 1, 
19, and 27 of the present invention. 

With regard to claim 5, which is representative of claims 13, 21, and 29 
with regard to similarly recited subject matter, Guski does not teach that the 
password is sufficiently similar to said preferred word, such that the password is 
remembered by the user if the user remembers the preferred word. As discussed 
above in arguments presented for claims 1, 9, 17, and 25, while Guski may teach 
a User ID and a generated password that is similar in length, Guski does not teach 
a password that is sufficiently similar to the preferred word, such that the 
password is remembered by the user if the user remembers the preferred word. 

To the contrary, Guski is not interested in a password that is sufficiently 
similar, such that the user can remember. Rather, Guski is only interested in 
generating a one-time password that changes pseudorandomly with each request 
for authentication (Abstract). This is different from the resulting password in the 
presently claimed invention, as described on page 2, lines 25-30 of the current 
specification, which the user may be able to remember. Therefore, Guski does 
not and would not teach a password that is sufficient, similar to the preferred 
word, such that the user remembers the password if the user remembers the 
preferred word, as recited in claims 5, 13, 21, and 29 of the present invention. 

In view of the above, Guski does not teach the specific features of claims 2-3, 5, 
6, 10-11, 13, 14, 18-19, 21, 22, 26-27, 29-30, and 33-34 in addition to the features of their 
independent claim 1,9, 17, and 25. Accordingly, the rejection of dependent claims 2-3, 
5,6, 10-11, 13, 14, 18-19,21,22, 26-27, 29-30, and 33-34 under 35 U.S.C. § 102(b) has 
been overcome. 
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II. 35 U.S.C. $ 103(a), Alleged Obviousness, Claims 4, 7-8, 12, 15-16, 20, 23-24, 
28, and 31-32 



The Final Office Action rejects claims 4, 7-8, 12, 15-16, 20, 23-24, 28, 31-32 
under 35 U.S.C. § 103(a) as being unpatentable over Guski in view of Audebert (U.S. 
Patent No. 5,887,065). This rejection is respectfully traversed. 

The Office bears the burden of establishing a prima facie case of obviousness 
based on the prior art when rejecting claims under 35 U.S.C. § 103. In re Fritch, 972 
F.2d 1260, 23 U.S.P.Q.2d 1780 (Fed. Cir. 1992). For an invention to be prima facie 
obvious, the prior art must teach or suggest all claim limitations. In re Royka, 490 F.2d 
981, 180 USPQ 580 (CCPA 1974). 

Neither Guski nor Audebert teaches or suggests a translating step that includes 
replacing a character of the preferred word with another character, wherein the another 
character has a similar shape to the character of the preferred word , as recited in claims 1 , 
9, 17, and 25, from which claims 4, 7-8, 12, 15-16, 20, 23-24, 28, 31-32 depend. As 
discussed above in the arguments presented in claims 1,9, 17, and 25, Guski does not 
teach these features, because Guski merely combines the User ID, the application ID, the 
time/date, and the signon key as input parameters along with encryption to generate a 
one-time password that is used in the user's host application signon request. Audebert 
also does not teach these features. 

As discussed in the Abstract, Audebert teaches a system that generating 
passwords by means of encryption of several dynamic variables, for example, a time- 
dependent variable or a variable representing the number of authentication requests. Only 
some of the least significant digits of the variables are transferred from the card-like unit 
to another unit, by adding digits to the password. The synchronization information is 
combined with corresponding variables in the second unit and used to calculate therein a 
value which has to match with the password to the function or service. Thus, instead of 
replacing a character of the preferred word with another character that has a similar 
shape, Audebert teaches adding digits to the password. Therefore, Audebert also does 
not teach the features of claims 1,9, 17, and 25 of the present invention, from which 
claims 4, 7-8, 12, 15-16, 20, 23-24, 28, 31-32 depend. 
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In addition, the Final Office Action alleges that it would have been obvious to a 
person of ordinary skill in the arts to combine the teachings of Audebert with the system 
of Guski because Guski teaches a password generating method through the use of non- 
time-dependent information and Audebert teaches translating functions involved in the 
generation of the password that can be implemented in a smart card, such that the 
software implementation on the PC can be simplified. Applicant respectfully disagrees. 

There is no teaching or suggestion in either Guski or Audebert to replace a 
character of the preferred word with another character that has a similar shape to the 
character of the preferred word. Instead of replacing a character of the User ID with a 
character that has a similar shape, Guski teaches combining the User ID, the application 
ED, the time/date, and the signon key as input parameters along with encryption to 
generate a one-time password. Contrary to replacing a character, Audebert adds digits to 
the password. Therefore, neither reference gives any teaching or suggestion to replace a 
character of a preferred word with a character that has a similar shape. 

Even, arguendo, if a person of ordinary skill in the art were to combine the 
teachings of Guski and Audebert, the resulting combination does not replace a character 
of the preferred word with another character that has a similar shape to the character of 
the preferred word. Rather, the resulting combination of the two references would be 
combining User ID, application ID, time/date, signon key to generate a one-time 
password and adding digits to the password. Therefore, a person of ordinary skill in the 
art would not have been led to combine the teachings of Guski and Audebert to reach the 
presently claimed invention. 

In view of the above, Applicant respectfully submits that neither Guski nor 
Audebert teaches or suggests the features of claims 1,9, 17, and 25. At least by virtue of 
their dependency on claims 1,9, 17, and 25 respectively, neither Guski nor Audebert 
teaches or suggests the features of dependent claims 4, 7-8, 12, 15-16, 20, 23-24, 28, 31- 
32. Accordingly, Applicant respectfully requests the withdrawal of the rejection of 
claims 4, 7-8, 12, 15-16,20,23-24, 28,31-32 under 35 U.S.C. § 103(a). 
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III. Conclusion 

It is respectfully urged that the subject application is patentable over the cited 
references and is now in condition for allowance. 

The Examiner is invited to call the undersigned at the below-listed telephone 
number if in the opinion of the Examiner such a telephone conference would expedite 
aid the prosecution and examination of this application. 



DATE: July 28, 2005 



Respectfully submitted, 




Wing Yan Mok 
Reg. No. 56,237 
Yee & Associates, P.C. 
P.O. Box 802333 
Dallas, TX 75380 
(972) 385-8777 
Agent for Applicant 
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